• Disconnect: Terminates the site-to-site link until a user action reestablishes it.
• Enable: Enables the site-to-site link. If the link is disabled, no action can establish the connection.
• Disable: Disables the site-to-site link.
• Unreachability Reason: Reports the reason for the last failed connection attempt.
• Dial-Out Hours: Limits the site-to-site link to specific hours.
• Delete: Permanently removes the site-to-site link.
• Properties: Displays other properties of this link. The relevant properties include:
    • General: Sets the host name or IP address of the remote server.
    • Options: Sets a timeout period after which an idle connection will be broken, or configures a persistent connection.
    • Networking: Sets the network clients or protocols that you want to enable through the site-to-site link.

How It Works
Demand-dial VPN connections are easy links to create between two distinct sites, such as a
branch office and a central office. Although an administrator could certainly configure each
workstation in the remote office to connect to the central server with its own VPN client, this
will undoubtedly place a significant demand on IT Help Desk staff; it can also be an inconvenience
to the remote users who just want to have a transparent connection that is available
when needed. A site-to-site VPN, on the other hand, creates a connection that will be available
when needed without asking the end user to take additional steps to establish the link.
As described in this recipe, the administrator can choose to use either Point-to-Point
Tunneling Protocol (PPTP) or Layer-2 Tunneling Protocol (L2TP) for the connection.
PPTP, first supported in Windows NT 4.0 and Windows 98, takes advantage of the authentication
and encryption techniques of PPP. It relies on Microsoft Point-to-Point Encryption
(MPPE) to encrypt the PPP packets, and then encapsulates the encrypted data into a larger
data packet.
L2TP was first supported in Windows 2000 and is now the preferred method to establish
VPN tunnels. L2TP relies on Internet Protocol Security (IPSec) for its encryption rather than
MPPE. The combination of IPSec and L2TP is frequently labeled “L2TP over IPSec.” IPSec
provides the security; L2TP provides the transport mechanism. In addition to authentication
and encryption, L2TP over IPSec also provides enhanced compression.
By default, RRAS installs 128 PPTP and 128 L2TP ports when initially configured for VPN
usage; however, it can be configured to support (in theory) a maximum of 1,000 ports for each
protocol.
Note: Windows Server 2003 Web Edition will support only a single VPN connection.
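
The following is an added example, not code from the book: a Python sketch that reads site-to-site link entries in Windows phonebook (.pbk) layout and reports, per link, the tunnel protocol (PPTP or L2TP), the remote host and the idle timeout described above. It assumes the links are available as a .pbk-style text file carrying the VpnStrategy, IdleDisconnectSeconds and PhoneNumber keys; the sample entries, names and addresses are constructed.

```python
# VpnStrategy values from RASENTRY.dwVpnStrategy (ras.h).
VPN_STRATEGY = {0: "automatic", 1: "PPTP only", 2: "PPTP first",
                3: "L2TP only", 4: "L2TP first"}

# Constructed sample in phonebook (.pbk) layout; names and addresses are made up.
SAMPLE_PBK = """\
[BranchOffice]
VpnStrategy=1
IdleDisconnectSeconds=300
DEVICE=vpn
PhoneNumber=vpn.branch.example.com

[CentralOffice]
VpnStrategy=3
IdleDisconnectSeconds=0
DEVICE=vpn
PhoneNumber=192.0.2.10
"""

def parse_phonebook(text):
    """Return {entry: {key: first value}}. Keys can repeat, so configparser is avoided."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), value.strip())
    return entries

def audit(text):
    """Summarise tunnel protocol, remote host and idle timeout for each link."""
    report = []
    for name, e in parse_phonebook(text).items():
        strategy = int(e.get("VpnStrategy", 0))
        report.append({"link": name, "remote": e.get("PhoneNumber", ""),
                       "protocol": VPN_STRATEGY.get(strategy, f"unknown ({strategy})"),
                       "l2tp_only": strategy == 3,
                       "idle_timeout_s": int(e.get("IdleDisconnectSeconds", 0))})
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_PBK):
        print(row)
```

Links where l2tp_only is false are the ones to review against the preference for L2TP over IPSec stated above.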